'\" te
.\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology.  For copying and distribution information,  please see the file kerberosv5/mit-sipb-copyright.h.
.\" Portions Copyright (c) 2004, Sun Microsystems, Inc.  All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH KDESTROY 1 "Apr 30, 2004"
.SH NAME
kdestroy \- destroy Kerberos tickets
.SH SYNOPSIS
.LP
.nf
\fB/usr/bin/kdestroy\fR [\fB-q\fR] [\fB-c\fR \fIcache_name\fR]
.fi

.SH DESCRIPTION
.sp
.LP
The \fBkdestroy\fR utility destroys the user's active Kerberos authorization
tickets by writing zeros to the specified credentials cache that contains them.
If the credentials cache is not specified, the default credentials cache is
destroyed. If the credentials cache does not exist, \fBkdestroy\fR displays a
message to that effect.
.sp
.LP
After overwriting the cache, \fBkdestroy\fR removes the cache from the system.
The utility displays a message indicating the success or failure of the
operation. If \fBkdestroy\fR is unable to destroy the cache, it will warn you
by making your terminal beep.
.sp
.LP
If desired, you can place the \fBkdestroy\fR command in your \fB\&.logout\fR
file so that your tickets are destroyed automatically when you logout.
.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-c\fR \fIcache_name\fR\fR
.ad
.RS 17n
Uses \fIcache_name\fR as the credentials (ticket) cache name and location. If
this option is not used, the default cache name and location are used.
.RE

.sp
.ne 2
.na
\fB\fB-q\fR\fR
.ad
.RS 17n
Runs quietly. Your terminal will not beep when \fBkdestroy\fR fails to destroy
the tickets.
.RE

.SH ENVIRONMENT VARIABLES
.sp
.LP
\fBkdestroy\fR uses the following environment variable:
.sp
.ne 2
.na
\fB\fBKRB5CCNAME\fR\fR
.ad
.RS 14n
Location of the credentials (ticket) cache. See \fBkrb5envvar\fR(7) for syntax
and details.
.RE

.SH FILES
.sp
.ne 2
.na
\fB\fB/tmp/krb5cc_\fIuid\fR\fR\fR
.ad
.RS 19n
Default credentials cache (\fIuid\fR is the decimal \fBUID\fR of the user).
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(7) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	Evolving
_
Command arguments	Evolving
_
Command output	Unstable
.TE

.SH SEE ALSO
.sp
.LP
.BR kinit (1),
.BR klist (1),
.BR attributes (7),
.BR kerberos (7),
.BR krb5envvar (7)
.SH BUGS
.sp
.LP
Only the tickets in the specified credentials cache are destroyed. Separate
ticket caches are used to hold root instance and password changing tickets.
These files should probably be destroyed too, or all of a user's tickets should
be kept in a single credential cache.
